Files
cinny-desktop/src-tauri/tauri.conf.json
T
jared 1c05ef6a7a
Build Lotus Chat Desktop / prepare (push) Successful in 5s
Build Lotus Chat Desktop / build-linux (push) Successful in 23m28s
Build Lotus Chat Desktop / build-windows (push) Successful in 23m28s
Build Lotus Chat Desktop / update-manifest (push) Successful in 8s
fix(config): drop the __csp_notes field — Tauri config schema is strict
`app.security.__csp_notes` failed `tauri.conf.json` schema validation
("Additional properties are not allowed") on BOTH platforms before any
compile. JSON can't hold comments and Tauri forbids extra keys, so the
rationale lives here instead:

CSP rationale (audit 2026-07): tightened from the fully-open policy.
- 'unsafe-eval' MUST stay: the native→web bridge (forward_deeplink /
  emit_to_web) uses window.eval, governed by page CSP; also covers crypto wasm.
- The sha256 hash allowlists the single inline `window.global ||= window;`
  shim in cinny's index.html (~line 96). If that snippet or its indentation
  changes, recompute the hash or the shim is silently blocked.
- connect-src / img-src / media-src keep http: (plain-http homeservers).
- Review-added: Google Fonts (VT323) + OpenStreetMap iframe (m.location).
- style-src keeps 'unsafe-inline' for React style attributes.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-02 09:37:31 -04:00

76 lines
2.3 KiB
JSON

{
"bundle": {
"active": true,
"targets": "all",
"windows": {
"certificateThumbprint": null,
"digestAlgorithm": "sha256",
"timestampUrl": "",
"webviewInstallMode": {
"type": "downloadBootstrapper"
},
"nsis": {
"installMode": "currentUser"
},
"wix": {
"bannerPath": "wix/banner.bmp",
"dialogImagePath": "wix/dialogImage.bmp"
}
},
"icon": [
"icons/32x32.png",
"icons/128x128.png",
"icons/128x128@2x.png",
"icons/icon.icns",
"icons/icon.ico"
],
"resources": [],
"externalBin": [],
"copyright": "",
"category": "SocialNetworking",
"shortDescription": "Yet another matrix client",
"longDescription": "",
"macOS": {
"frameworks": [],
"minimumSystemVersion": "",
"exceptionDomain": "",
"signingIdentity": null,
"providerShortName": null,
"entitlements": null
},
"linux": {
"deb": {
"depends": []
}
},
"createUpdaterArtifacts": "v1Compatible"
},
"build": {
"beforeBuildCommand": "cd cinny && npm run build",
"frontendDist": "../cinny/dist",
"beforeDevCommand": "cd cinny && npm start",
"devUrl": "http://localhost:8080"
},
"productName": "Lotus Chat",
"mainBinaryName": "cinny",
"version": "4.12.2",
"identifier": "org.lotusguild.lotus-chat",
"plugins": {
"updater": {
"pubkey": "dW50cnVzdGVkIGNvbW1lbnQ6IG1pbmlzaWduIHB1YmxpYyBrZXk6IDM1N0Y0RThCQTJEQzY1NTkKUldSWlpkeWlpMDUvTlVjejMzN0E1U0FiaVpLK05QVkRXdWlMMm1NNUprMXAvTGZSbU5maVovNmwK",
"endpoints": [
"https://code.lotusguild.org/LotusGuild/cinny-desktop/releases/download/latest/release.json"
]
},
"deep-link": {
"desktop": {
"schemes": ["matrix"]
}
}
},
"app": {
"security": {
"csp": "default-src 'self'; script-src 'self' 'unsafe-eval' 'sha256-dT6noyex1I8o5CS9Sx/y8UOqwpZYIridpGz92gcObIM='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: http: https:; media-src 'self' blob: data: mediastream: http: https:; worker-src 'self' blob:; frame-src 'self' blob: https://www.openstreetmap.org; connect-src 'self' blob: data: ipc: ws: wss: http: https: http://ipc.localhost; object-src 'none'; base-uri 'self'"
}
}
}